Hey everyone,
I have a customer who suffered a ransomware attack back in April, before we started supporting them. Their servers went offline and they found the 'HowToRestoreYourFiles.txt' file in every directory of their VMware ESXi datastores. Now, we've rebuilt their entire infrastructure in the cloud because they were still running on outdated systems like Windows XP and VMware ESXi 6.0.0.
I'm currently dealing with Dell PowerEdge R740 servers that still have all the original files, but the VMDK files are encrypted with a .vmdk.emario extension. Is there any way to recover these files or the original VMs? They're missing a lot of crucial local data and unfortunately, there wasn't a solid backup plan in place (the hackers wiped out the on-site NAS).
Feel free to ask any questions if you need more details!
1 Answer
If the data is critical, I'd recommend contacting data recovery and ransomware specialists. Trying to handle it independently usually leads to limited options, especially without backups. Getting professional help might be the best course of action here. Just keep in mind that they might find it tough to afford such services after coming out of bankruptcy.
That's a fair point. They really need to consider investing in IT services to avoid this in the future. At least now their systems are updated with Windows 11 and Windows Server 2025.